Bank safely with ING

We are continuously working on the solutions designed to protect your finance and we are trying to align them with the latest security standards. Nonetheless, it is up to you to use them in the correct way.

Never allow third parties to use your identifier, passwords or authorisation code. Do not use them on non-encrypted websites or websites other than the bank’s website.

Do not enter the full password.

Keep your password only for yourself.

When you are logging into online banking, enter only the characters requested by the system. At one login attempt, you will always receive a certain set of characters – e.g. if you make a mistake and the system will ask you to re-enter the password – the characters sequence will be the same as in the first attempt.

Always make sure if there is “https” at the beginning of the login website address (where you enter the user identifier and then the password). Moje ING: https://login.ingbank.pl/mojeing/app/#login

Our Bank will never ask you for the full password.

Cybercriminals want to obtain your login and password! They e.g. display a false screen to log into the online banking system. On such a screen, they may ask you for your password twice, but each time they will ask for a different set of characters.

On the above example, you can see a password field, which each time asks you for a different set of characters. If you add them up, you will get a full password. It is then received by cybercriminals who get access to your online banking.

Beware of false security certificates

We do not ask you to install additional software to use online banking.

Do not install additional security measures, such as e-security certificates.

When you receive a software download request, e.g. on your mobile – contact the bank. It is a fraud attempt!

By installing the certificate, your phone will get infected. In the installation process, cybercriminals ask for your consent e.g. to viewing and sending text messages. This is how they get access to authorisation codes sent by the bank in text messages, which ultimately means access to your money.

Do not download applications from untrusted sources.

Beware of mobile applications from unauthorised stores.

Application download links can be found on websites designed e.g. to watch videos. Such applications may steal your login data and authorisation messages.

How does it take place? When you log in to the bank on your mobile, the application will display a false login screen. This is how criminals will obtain your login and password. The application will then redirect incoming calls and text messages to the criminal’s telephone number.

A masked password is a really good security measure, however, special precautions should be taken during logging into the system in public places. In practice, a masked password does not protect typed characters against being seen, but it prevents unauthorised persons from seeing the full password.

A number of possible draws of the mask elements depends on the password length. Repetition of an identical password mask has random nature. The likelihood of occurring the same mask decreases as the password length increases. However, there is still a chance that the identical mask will be repeated again even if the password consists of 30 characters. If the password consists of 10 characters, an identical mask may occur quite often, statistically after less than 300 attempts.

Moreover, if you fail to provide a correct access password to the system, during the next attempt to log in the mask will remain the same until you enter a correct password.

You receive access to the system after providing the User Identifier and access password (in a masked form). Communication between your computer and the Bank’s server is encrypted with 128-bit SSL protocol. It guarantees fully secure data encryption, it protects data against changes made from the outside and authenticates computers that communicate with each other. Due to certificates issued by VeriSign you can be sure that you have established fully secure connection with the Bank’s server.

At the moment, instructions in the Moje ING are authorised with authorisation codes. This method enables authorisation of instructions made via the Moje ING with one time authorisation code that is sent to a mobile phone number (of Polish or foreign mobile operator) identified during the service activation and/or to the HaloŚląski Customer Number. If the Bank concludes that the instruction requires authorisation, a code in from of a text message will be sent to you or you will receive a code via the HaloŚląski telephone service (automatic service).

A register of recent operations makes it possible for you to check if there were any attempts of logging into the system by unauthorised persons. Another security is blocking access to the system if during the fifth attempt a correct identifier is provided but the password is incorrect. To increase your security we introduced time parameters that are responsible for the user’s active session time. A web server closes the session automatically if the Moje ING system is not used. It means that if you do not perform any operation for a longer time despite being logged into the system, the web server will close your active session after some time and you will be asked to log into the system again.

Remember that you can also contribute to secure management of funds in your bank account. In order to do so, follow the recommendations below:

use your access password to the system in a secure way,

control date of the last logging to the system,

control a register of recent operations,

use the Log Out function once you finished using the Moje ING,

remember to close all browser’s windows after logging out from the Moje ING and before you go away from the computer,

systematically install patches published by the provider of the operational system and software,

take precautions while downloading files from the internet and opening attachments to e-mails received or downloaded from untrusted sources,

do not use the electronic banking in public places (e.g. internet cafés), such computer workstations may have dangerous software installed to capture your data,

do not respond to e-mails that ask you to disclose or verify your personal data or confidential information such as login, access password to the Moje ING system, one time password or account number. ING Bank Śląski never sends such e-mails. If you receive such e-mail you should ignore it and notify the Bank about it.

Data transmission in the Moje ING system is made in https protocol. It is a variation of a http protocol created to exchange information that requires special protection due to its nature (e.g. financial information). A characteristic feature for https is encrypting the whole transmission with special encrypting keys, which practically make it impossible for unauthorised persons to capture data.

All financial services in the internet are provided with the use of this protocol, such as banking services or payments in on-line stores. If you use services based on https protocol, a virtual encrypted channel is created for the time of connection that connects you with the service server. You can securely submit data via this channel without a risk that the data will leak.

As soon as the encrypted connection is established, your browser in the address bar will display https protocol instead of http. Additionally, a small lock will be displayed on a status bar (at the browser window’s bottom). You can click it and read description of the server’s certificate.

You can check it in the Register of recent operations. It contains, inter alia, information on IP addresses that successfully or unsuccessfully logged into to the system. IP address is a unique number assigned to each computer with access to the internet. Additionally, computer IP address will be also displayed in the screen “Homepage” apart from information on recent loggings.

Presentation of IP addresses enables verification of places from which you logged into the Moje ING system. IP address is assigned by your internet services provider. In line with agreement with your provider you can use a fixed IP address or an assigned dynamic address. In the second case, each time during connecting to the internet, a computer is assigned an IP address from addressed that are at disposal of the internet service provider.

To learn what IP address was assigned to your computer you have to complete a relevant system command. On the basis of currently assigned IP, a scope of addresses that can be assigned to you is determined. These addresses can be determined on certain websites (e.g. www.ripe.net). If you log into the Moje ING system from the same place each time, then IP in the history of logins has to be within addresses offered by the internet provider for this localisation.

To remove the device from a list of trusted devices log into the Moje ING and select “Details and settings” from the top menu and next select “Security”. Moreover, you can change your PIN to the mobile application in sections “Security” and “Mobile Application”. You can also reset PIN to the mobile application in the “Mobile Application” section.

Our consultants can support you if needed. Call our special infoline for the internet banking customers:

(32) 357 00 10 or 801 601 607 (the costs of calls in accordance with the operator’s tariff)

ExpandCollapse

Do you have any doubts?

If you have encountered any of the above situations or you suspect that your computer or mobile got infected – contact us immediately: